They are not the same command. DENY specifically prevents someone from performing that action, even if they were GRANTed that permission via another means (role membership). REVOKE removes any GRANT or DENY on that permission for that user. Therefore, if you want to prevent them from creating databases, you have to use DENY.

I would be extremely careful about using CASCADE unless you absolutely know that the entire grantor-grantee path is valid for that operation.